<?php
/* $Id: auth.php 14 2009-04-11 17:40:34Z ronan $ */
include_once("common.php");
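session_start();

// A request whose URI does not contain "php" (for example a bare directory URL) is
// sent to index.php when $ingame is truthy. $ingame is not defined in this file
// (presumably set by common.php - confirm).
if(strpos($_SERVER['REQUEST_URI'], "php") === false && $ingame) {
	// NOTE(review): the redirect target is built from the request's Host header, which
	// the client supplies; a configured site host would be a safer source if one exists.
	header( 'location:http://'.$_SERVER['HTTP_HOST'].'/index.php' );
	// Stop here: without this the rest of the script kept running after the redirect.
	exit;
}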

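// Set uid and pwd to the newly posted login data when present, otherwise to the values
// an earlier request stored in the session; null means nothing was supplied.
// Only string values are accepted: a request can make $_POST['uid'] or $_POST['pwd']
// an array, which would otherwise be stored in the session and interpolated as "Array".
$uid = null;
if(isset($_POST['uid']) && is_string($_POST['uid'])) {
	$uid = $_POST['uid'];
} elseif(isset($_SESSION['uid']) && is_string($_SESSION['uid'])) {
	$uid = $_SESSION['uid'];
}

$pwd = null;
if(isset($_POST['pwd']) && is_string($_POST['pwd'])) {
	$pwd = $_POST['pwd'];
} elseif(isset($_SESSION['pwd']) && is_string($_SESSION['pwd'])) {
	$pwd = $_SESSION['pwd'];
}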

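if(!isset($uid)) { //not logged in
	include("header.php");
	// The pre-filled user id comes from the HTTP_EVE_CHARNAME request header, so it is
	// client-supplied text. It is HTML-escaped (quotes included) before being written
	// into the value="" attribute; the original echoed it verbatim.
	$loginPrefill = isset($_SERVER['HTTP_EVE_CHARNAME']) ? htmlspecialchars($_SERVER['HTTP_EVE_CHARNAME'], ENT_QUOTES) : "";
 	?>
 <h1> Login Required </h1>
 <p>You must log in to access this area of the site. To <a href="register.php">register</a>, you must be using the Trusted IGB.</p>
 <p>Forgotten your password? <a href="passret.php">Click here</a> in the Trusted IGB. <button type="button" onclick="CCPEVE.requestTrust('http://market.tgrads.com')">Request Trust</button>
 <form method="post" action="index.php">
   <table border=0 cellspacing=0 cellpadding=5><tr><td>User ID: </td><td><input type="text" name="uid" size="20" value="<?php echo $loginPrefill; ?>" /></td></tr>
   <tr><td>Password: </td><td><input type="password" name="pwd" SIZE="20" /></td></tr></table>
   <input type="submit" value="Log in" />
 </form></p>
 	<?php
 	include("footer.php");
 	// Nothing past the login form may run for an unauthenticated request.
 	exit;
}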
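// Remember the credentials so later requests in this session can re-authenticate; both
// keys are removed again below when the check fails.
// NOTE(review): this keeps the clear-text password in session storage. Storing only the
// authenticated user id after a successful check would avoid that.
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

// Both values are client-supplied and end up inside quoted SQL literals, so they are
// escaped first; the original interpolated them verbatim.
$sqlUid = (string) $uid;
$sqlPwd = (string) $pwd;
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
	// With magic quotes on, PHP has already added slashes to the posted values (and the
	// session copies were stored from them); undo that so nothing is escaped twice.
	// Assumes no other script writes these session keys un-slashed - confirm.
	$sqlUid = stripslashes($sqlUid);
	$sqlPwd = stripslashes($sqlPwd);
}
// Assumes common.php has already opened the default mysql connection that Query() uses.
$sqlUid = mysql_real_escape_string($sqlUid);
$sqlPwd = mysql_real_escape_string($sqlPwd);
// NOTE(review): PASSWORD() is MySQL's own account-hashing function and is not meant for
// application password storage; moving to a salted, slow hash is worth planning.
$authresult = Query("SELECT * FROM users WHERE name = '$sqlUid' AND password = PASSWORD('$sqlPwd')");
$uid=ucwords($uid);
if (!$authresult) {
	// The query itself failed: forget the stored credentials and stop.
 	unset($_SESSION['uid']);
 	unset($_SESSION['pwd']);
 	quit('A database error occurred - If the error persists, contact Ronan Teisdari in game (or out of game at ronan.teisdari@gmail.com).');
}
// Always take the row count from the result. The old isset($authnumrows) fallback was a
// leftover of the disabled validation branch and let a variable that already existed
// stand in for the real count.
$authnumrows = mysql_num_rows($authresult);
if (!$authnumrows) {
	// No matching user (or the count could not be read): deny and clear the session keys.
 	unset($_SESSION['uid']);
 	unset($_SESSION['pwd']);
 	include("header.php");
 	?>
 <h1> Access Denied </h1>
 <p>Your username or password is incorrect, or you are not registered. To try logging in again, click
    <a href="index.php">here</a>. To <a href="register.php">register</a>, you must be using the IGB.</p>
 <?php
 include("footer.php");
 exit;
}

// A fresh login just succeeded: issue a new session id so an id that was known before
// authentication is not carried over into the logged-in session.
if (isset($_POST['uid'])) {
	session_regenerate_id(true);
}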

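//Log out: drop the stored credentials and send the client back to index.php in the
//directory of the current request (the last path segment of REQUEST_URI is removed).
if(isset($_GET['logout'])) {
	unset($_SESSION['uid']);
	unset($_SESSION['pwd']);
	unset($uid);
	unset($pwd);
	// NOTE(review): host and path both come from the request (Host header, REQUEST_URI);
	// a configured base URL would be a safer source if one is available.
	header( 'Location: http://'.$_SERVER['HTTP_HOST'].implode("/", (explode('/', $_SERVER['REQUEST_URI'], -1))).'/index.php' ) ;
	// Stop here: without this the rest of the page kept running as the user who had
	// just logged out.
	exit;
}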
// Keep the first row's email, id and userLevel columns in globals for the rest of the
// request; $userLevel is what RequireUserLevel() reads.
$useremail = mysql_result($authresult, 0, 'email');
$uidnum    = mysql_result($authresult, 0, 'id');
$userLevel = mysql_result($authresult, 0, 'userLevel');
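/**
 * Stop the request unless the logged-in user's level is one of the allowed levels.
 *
 * Reads the global $userLevel. The comparison is strict, so only an exact string match
 * grants access; a non-string $userLevel (for example a failed column read) can no
 * longer loosely compare equal to a level name.
 *
 * @param array $l Allowed level names. Anything that is not an array denies access.
 * @return void Calls quit() with an authorization message when access is denied.
 */
function RequireUserLevel($l){
	global $userLevel;
	if(!is_array($l) || !in_array($userLevel, $l, true))
		quit("You do not have authorization to view this page.");
}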
// Capability flags derived from $userLevel. Every authenticated account has "user";
// 'admin' and 'producertrader' count for both "producer" and "trader".
$userHasLevel = array(
	"user"     => true,
	"producer" => in_array($userLevel, array('producer', 'admin', 'producertrader')),
	"trader"   => in_array($userLevel, array('trader', 'admin', 'producertrader')),
	"admin"    => ($userLevel == 'admin'),
);
/**
 * Stop the request with an authorization message unless the given condition is truthy.
 *
 * @param mixed $a Condition to check, evaluated with PHP truthiness.
 * @return void
 */
function RequireTrue($a) {
	if ($a) {
		return;
	}
	quit("You do not have authorization to view this page");
}
?>
